Which characteristic is a potential security weakness of a traditional stateful firewall?
A. It cannot support UDP flows.
B. It cannot detect application-layer attacks.
C. It cannot ensure each TCP connection follows a legitimate TCP three-way handshake.
D. It works only in promiscuous mode.
E. The status of TCP sessions is retained in the state table after the sessions terminate.
F. It has low performance due to the use of syn-cookies.
Correct Answer: B
Explanation:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/product_implementation_design_guide09186a00800fd670.html
Cisco IOS Firewall consists of several major subsystems:
Stateful Packet Inspection provides a granular firewall engine.
Authentication Proxy offers a per-host access control mechanism.
Application Inspection features add protocol conformance checking and network use policy control.
Enhancements to these features extend these capabilities to VRF instances to support multiple virtual routers per device, and to Cisco Integrated Route-Bridging features to allow greater deployment flexibility, reduce implementation timelines, and ease requirements to add security to existing networks.